rpms/perl
6
0
Fork 0
Code Issues Pull Requests Releases Activity

Fix crash in Storable when deserializing malformed code reference

Browse Source
This commit is contained in:
Petr Písař 2016-11-28 13:42:21 +01:00
parent 592810058a
commit 2a293b3799
2 changed files with 72 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
perl-5.25.7-Fix-Storable-segfaults.patch Normal file
View File

@ -0,0 +1,61 @@
From fecd3be8dbdb747b9cbf4cbb9299ce40faabc8e6 Mon Sep 17 00:00:00 2001
From: John Lightsey <lightsey@debian.org>
Date: Mon, 14 Nov 2016 11:56:15 +0100
Subject: [PATCH] Fix Storable segfaults.
Fix a null pointed dereference segfault in storable when the
retrieve_code logic was unable to read the string that contained
the code.
Also fix several locations where retrieve_other was called with a
null context pointer. This also resulted in a null pointer
dereference.
---
dist/Storable/Storable.xs | 10 +++++++---
1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/dist/Storable/Storable.xs b/dist/Storable/Storable.xs
index 053951c..caa489c 100644
--- a/dist/Storable/Storable.xs
+++ b/dist/Storable/Storable.xs
@@ -5647,6 +5647,10 @@ static SV *retrieve_code(pTHX_ stcxt_t *cxt, const char *cname)
CROAK(("Unexpected type %d in retrieve_code\n", type));
}
+ if (!text) {
+ CROAK(("Unable to retrieve code\n"));
+ }
+
/*
* prepend "sub " to the source
*/
@@ -5767,7 +5771,7 @@ static SV *old_retrieve_array(pTHX_ stcxt_t *cxt, const char *cname)
continue; /* av_extend() already filled us with undef */
}
if (c != SX_ITEM)
- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
+ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
TRACEME(("(#%d) item", i));
sv = retrieve(aTHX_ cxt, 0); /* Retrieve item */
if (!sv)
@@ -5844,7 +5848,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char *cname)
if (!sv)
return (SV *) 0;
} else
- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
+ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
/*
* Get key.
@@ -5855,7 +5859,7 @@ static SV *old_retrieve_hash(pTHX_ stcxt_t *cxt, const char *cname)
GETMARK(c);
if (c != SX_KEY)
- (void) retrieve_other(aTHX_ (stcxt_t *) 0, 0); /* Will croak out */
+ (void) retrieve_other(aTHX_ cxt, 0); /* Will croak out */
RLEN(size); /* Get key size */
KBUFCHK((STRLEN)size); /* Grow hash key read pool if needed */
if (size)
--
2.10.2

12
perl.spec
View File

@ -28,7 +28,7 @@
Name: perl Name: perl
Version: %{perl_version} Version: %{perl_version}
# release number must be even higher, because dual-lived modules will be broken otherwise # release number must be even higher, because dual-lived modules will be broken otherwise
Release: 380%{?dist} Release: 381%{?dist}
Epoch: %{perl_epoch} Epoch: %{perl_epoch}
Summary: Practical Extraction and Report Language Summary: Practical Extraction and Report Language
Group: Development/Languages Group: Development/Languages
@ -219,6 +219,10 @@ Patch57: perl-5.25.6-perl-130001-h2xs-avoid-infinite-loop-for-enums.patch
# in upstream after 5.25.6 # in upstream after 5.25.6
Patch58: perl-5.24.0-perl-129130-make-chdir-allocate-the-stack-it-needs.patch Patch58: perl-5.24.0-perl-129130-make-chdir-allocate-the-stack-it-needs.patch
# Fix crash in Storable when deserializing malformed code reference, RT#68348,
# RT130098
Patch59: perl-5.25.7-Fix-Storable-segfaults.patch
# Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048 # Link XS modules to libperl.so with EU::CBuilder on Linux, bug #960048
Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch Patch200: perl-5.16.3-Link-XS-modules-to-libperl.so-with-EU-CBuilder-on-Li.patch
@ -2903,6 +2907,7 @@ Perl extension for Version Objects
%patch56 -p1 %patch56 -p1
%patch57 -p1 %patch57 -p1
%patch58 -p1 %patch58 -p1
%patch59 -p1
%patch200 -p1 %patch200 -p1
%patch201 -p1 %patch201 -p1
@ -2952,6 +2957,7 @@ perl -x patchlevel.h \
'Fedora Patch56: Fix firstchar bitmap under UTF-8 with prefix optimization (RT#129950)' \ 'Fedora Patch56: Fix firstchar bitmap under UTF-8 with prefix optimization (RT#129950)' \
'Fedora Patch57: Avoid infinite loop in h2xs tool if enum and type have the same name (RT130001)' \ 'Fedora Patch57: Avoid infinite loop in h2xs tool if enum and type have the same name (RT130001)' \
'Fedora Patch58: Fix stack handling when calling chdir without an argument (RT#129130)' \ 'Fedora Patch58: Fix stack handling when calling chdir without an argument (RT#129130)' \
'Fedora Patch59: Fix crash in Storable when deserializing malformed code reference (RT#68348, RT#130098)' \
'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \ 'Fedora Patch200: Link XS modules to libperl.so with EU::CBuilder on Linux' \
'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \ 'Fedora Patch201: Link XS modules to libperl.so with EU::MM on Linux' \
%{nil} %{nil}
@ -5230,6 +5236,10 @@ popd
# Old changelog entries are preserved in CVS. # Old changelog entries are preserved in CVS.
%changelog %changelog
* Mon Nov 28 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-381
- Fix crash in Storable when deserializing malformed code reference
(RT#68348, RT#130098)
* Wed Nov 09 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-380 * Wed Nov 09 2016 Petr Pisar <ppisar@redhat.com> - 4:5.24.0-380
- Tie perl-Errno release to interpreter build because of kernel version check - Tie perl-Errno release to interpreter build because of kernel version check
(bug #1393421) (bug #1393421)